Appl. No. 10/709,398 PATENT 
Amdt. dated March 1, 2010 
Amendment under 37 CFR 1.114 
Request for Continued Examination 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims: 

1 . (Currently Amended) In a relationship between a fraud protection 
provider and a customer, a system for combating online fraud, the system comprising: 
a monitoring center for monitoring a suspicious email activity, the monitoring center 
comprising: 

a first computer, the first computer comprising instructions executable by the first 
computer to allow an analysis of an investigation of a uniform resource locator; 

a first telecommunication link configured to provide communication botwoon a 
technician and the customer, such that tho technician can notify the customer of a 
r e sult of th e inv e stigation of a uniform r e sourc e locator and the custom e r can 
provid e instructions for responding to a fraudulent attempt to collect p e rsonal 
information; and 

a second telecommunication link configured to provide data communication botwoon 
the monitoring center and at least one additional computer; and 
a secon d first computer in communication with the monitoring center via the second 
telecommunication link, the second computer including instructions executable by the 
second first computer to: 

gather an incoming email message, the incoming email message comprising a 

uniform resource locator; 
analyze the incoming email message; and 

based on an analysis of the incoming email message, categorize the incoming email 
message as a possibly fraudulent email message;-and 
a monitoring center, in communication with the first computer, for monitoring a suspicious 
email activity, the monitoring center comprising: 
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a second computer, the second computer comprising instructions executable by the 
second computer to investigate the uniform resource locator included in the 
incoming email message to determine whether a location referenced by the 
incoming email message is associated with a fraudulent attempt to collect 
personal information, wherein the instructions executable to investigate the 
uniform resource locator comprise instructions to: 

download at least one web page from the server referenced by the uniform 

resource locator;-and 
analyze the at least one web page to determine whether the at least one web 
page comprises a data collection mechanism for allowing a user to provide 
confidential personal information to the server referenced by the at least 
one uniform resource locator; and 
determine, based at least in part on analysis of the at least one web page, that 
the at least one web page is engaged in a fraudulent attempt to collect 
confidential personal information; and 
a telecommunication link configured to provide communication between a technician 
and the customer, such that the technician can notify the customer of a result of an 
investigation of a uniform resource locator and the customer can provide 
instructions for responding to a fraudulent attempt to collect confidential personal 
information. 

2. (Original) A system for combating online fraud as recited in claim 1, 
wherein the first computer comprises further instructions executable by the first computer to 
analyze an investigation of a uniform resource locator. 

3. (Original) A system for combating online fraud as recited in claim 1, 
wherein the first computer comprises further instructions executable by the first computer to 
allow a technician to analyze an investigation of a uniform resource locator. 
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4. (Currently Amended) In a relationship between a fraud protection 
provider and a customer, a computer system for combating online fraud, the computer system 
comprising: 

a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 

gather an incoming email message, the incoming email message comprising a 

uniform resource locator; 
analyze the incoming email message; 

based on an analysis of the incoming email message, categorize the incoming email 

message as a possibly fraudulent email message; 
investigate the uniform resource locator included in the incoming email message to 

determine whether a location referenced by the incoming email message is 

associated with a fraudulent attempt to collect personal information; and 
initiate a response to the fraudulent attempt to collect personal information; 
wherein investigating the instructions executable by the processor to investigate the uniform 
resource locator comprises: comprise instructions executable by the processor to: 
downloading download at least one web page from the server referenced by the 

uniform resource locator;-a»d 
analyzing analyze the at least one web page to determine whether the at least one web 

page comprises a data collection mechanism for allowing a user to provide 

confidential p ersonal information to the server referenced by the at least one 

uniform resource locator, locator; and 
determine, based at least in part on analysis of the at least one web page, that the at 

least one web page is engaged in a fraudulent attempt to collect confidential 

personal information. 

5. (Currently Amended) A computer system for analyzing a suspicious 
email message, the computer system comprising: 
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a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 

parse the suspicious email message to identify a header portion of the suspicious 
email message, a body portion of the suspicious email message, and a uniform 
resource locator portion of the suspicious email message; 
analyze the header portion of the suspicious email message; 
analyze the body portion of the suspicious email message; 

investigate the uniform resource locator portion of the suspicious email message; and 
categorize the suspicious email message as a possibly fraudulent email message; 
wherein the instructions executable to investigate the uniform resource locator 
comprise instructions to: 

download at least one web page from the server referenced by the uniform 

resource locator;-a«d 
analyze the at least one web page to determine whether the at least one web 
page comprises a data collection mechanism for allowing a user to provide 
confidential personal information to the server referenced by the at least 
one uniform resource locator, locator; and 
determine, based at least in part on analysis of the at least one web page, that 
the at least one web page is engaged in a fraudulent attempt to collect 
confidential personal information. 

6. (Original) A computer system for analyzing a suspicious email message 
as recited in claim 5, wherein the instructions are further executable by the processor to: 

based on the analysis of the header portion of the email message, assign a score to the header 

portion of the suspicious email message; 
compare the score assigned to the header portion of the suspicious email message with a 
threshold score for the header portion of the suspicious email message; 
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based on the analysis of the body portion of the suspicious email message, assign a score to 

the body portion of the suspicious email message; 
compare the score assigned to the body portion of the suspicious email message with a 

threshold score for the body portion of the suspicious email message; and 
based on the analysis of the uniform resource locator portion of the suspicious email 

message, assign a score to the uniform resource locator portion of the suspicious email 

message. 

7. (Original) A computer system for analyzing a suspicious email message 
as recited in claim 6, wherein the computer readable medium comprises further instructions 
executable by the processor to: 

compare the score assigned to the uniform resource locator portion of the suspicious email 
message with a threshold score for the uniform resource locator portion of the suspicious 
email message; and 

based on the comparison of the score assigned to the uniform resource locator portion of the 
suspicious email message and the threshold score for the uniform resource locator portion 
of the suspicious email message, categorize the suspicious email message as a possibly 
fraudulent email message. 

8. (Original) A computer system for analyzing a suspicious email message 
as recited in claim 6, wherein the computer readable medium comprises further instructions 
executable by the processor to: 

compute a composite score based on the score assigned to the header portion of the 

suspicious email message, the score assigned to the body portion of the suspicious email 
message and the score assigned to the uniform resource locator portion of the suspicious 
email message; 

assign the composite score to the suspicious email message; 

compare the composite score assigned to the suspicious email message with a threshold 
composite score for the suspicious email message; and 
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based on the comparison of the composite score assigned the suspicious email message and 
the threshold score for the suspicious email message, categorize the suspicious email 
message as a possibly fraudulent email message. 

9. (Currently Amended) A computer system for investigating a suspicious 
uniform resource locator to determine whether a server referenced by the uniform resource 
locator may be involved in fraudulent activity, the computer system comprising: 
a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 

ascertain an address associated with a server referenced by the uniform resource 
locator; 

obtain information about an address the uniform resource locator purports to 

reference but actually does not reference; 
compare the ascertained address associated with the information about the address the 

uniform resource locator purports to reference; and 
based on the comparison of the ascertained address and the information about the 

address the uniform resource locator purports to reference, determine whethe r that 

the uniform resource locator is fraudulent, should be investigated; and 
interrogate the server referenced by the uniform resource locator, based upon a 

determination that the uniform resource locator should be investigated; 
wherein the instructions to interrogate the server referenced by the uniform resource 

locator comprise instructions executable by the processor to: 

download at least one web page from the server referenced by the uniform 
resource locator; 

analyze the at least one web page to determine whether the at least one web 
page comprises a data collection mechanism for allowing a user to provide 
confidential personal information to the server referenced by the at least 
one uniform resource locator; and 
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determine, based at least in part on analysis of the at least one web page, that 
the at least one web page is engaged in a fraudulent attempt to collect 
confidential personal information; and 

10. (Canceled) 

1 1 . (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 9, wherein computer readable medium comprises further 
instructions executable to generate an event report. 

12. (Canceled) 

13. (Currently Amended) A computer system for investigating a suspicious 
uniform resource locator as recited in claim-40^_9 wherein interrogating the server referenced by 
the uniform resource locator further comprises: 

examining the server for vulnerabilities that indicate the server possible has been 
compromised. 

14. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 9, wherein ascertaining an address associated with the server 
referenced by the uniform locator comprises tracing a route to the server referenced by the 
uniform resource locator. 

15. (Previously Presented) A computer system for investigating a suspicious 
uniform resource locator as recited in claim 9, wherein obtaining information about an address 
the uniform resource locator purports to reference comprises parsing an anchor associated with 
the uniform resource locator to identify an apparent address for a server referenced by the 
uniform resource locator. 

16. (Previously Presented) A computer system for investigating a suspicious 
uniform resource locator as recited in claim 15, wherein obtaining information about an address 
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the uniform resource locator purports to reference further comprises obtaining WHOIS 
information about the apparent address for the server referenced by the uniform resource locator. 

17. (Previously Presented) A computer system for investigating a suspicious 
uniform resource locator as recited in claim 9, wherein obtaining information about an address 
the uniform resource locator purports to reference comprises parsing an anchor associated with 
the uniform resource locator to identify a trusted entity apparently referenced by the uniform 
resource locator. 

18. (Currently Amended) A computer system for responding to a fraudulent 
attempt to collect personal information, the computer system comprising: 

a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 
download a web page from a suspicious server; 

parse the web page to identify at least one field into which a user may enter personal 
information; 

analyze the at least one field to identify a type of information requested by the at least 
one field; 

determine, based at least in part on analysis of the at least one field, that the 
suspicious service is engaged in a fraudulent attempt to collect confidential 
personal information; 

generate a set of safe data comprising personal information associated with a 
fictitious entity; 

based on-an analysis of the at least one field, select at least a portion of the set of safe 
data comprising the type of information requested by the at least one field; 

format a response to the web page, the response including the portion of the safe data 
comprising the type of information requested by the at least one field; and 

transmit the response to the web page for reception by the suspicious server. 
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19. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 18, wherein analyzing the at least one field to 
identify a type of information requested by the field comprises interpreting a label associated 
with the at least one field. 

20. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 18, wherein the set of safe data is associated with 
a financial account, and wherein the computer readable medium comprises further instructions 
executable by the processor to: 

monitor the financial account for an account activity evidencing a use of information 

obtained from the set of safe data; and 
trace the account activity to identify an entity using the information obtained from the set of 
safe data. 

2 1 . (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 18, wherein the computer readable medium 
comprises further instructions executable by the processor to: 

generate a plurality of sets of safe data, each of the sets of safe data comprising personal 

information associated with a fictitious entity; 
based on an analysis of the at least one field, select at least a portion of each of the sets of 

safe data responsive to the at least one field; 
format a plurality of responses to the web page, each of the plurality of response including 

the portion of one of the sets of safe data, each of the portions of one of the sets of safe 

data being responsive to the at least one field; and 
transmit the plurality of responses to the web page for reception by the suspicious server. 

22. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 21, wherein the computer readable medium 
comprises further instructions executable by the processor to: 
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transmit for reception by the suspicious server a number of responses to the web page 
sufficient to cause a recipient of the responses to be uncertain which of a plurality of 
responses include valid personal information. 

23. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 21, wherein the computer readable medium 
comprises further instructions executable by the processor to: 

transmit for reception by the suspicious server a number of responses to the web page 

sufficient to indicate that the fraudulent attempt to collect personal information has been 
discovered. 

24. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 2 1 , wherein the computer readable medium 
comprises further instructions executable by the processor to: 

transmit for reception by the suspicious server a number of responses to the web page 

sufficient to prevent the suspicious server from receiving any responses comprising valid 
personal information. 

25. (Currently Amended) In a relationship between a fraud protection 
provider and a customer, a system for combating online fraud, the system comprising: 

a monitoring center for monitoring a suspicious email activity, the monitoring center 

comprising a first computer, the first computer including instructions executable by the 
first computer to allow the analysis of the suspicious email activity and the initiation of a 
response to the suspicious email activity; 
a second computer in communication with the monitoring center, the second computer 
including instructions executable by the second computer to: 

gather an incoming email message addressed to at least one bait email address that 
has been seeded at a location on a computer network likely to be a target for a 
third party attempting to harvest email addresses, the incoming email message 
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including a uniform resource locator configured to direct a recipient of the 
incoming email message to a web site referenced by the uniform resource locator; 
and 

a third computer in communication with the second computer and further in communication 
with the monitoring center, the third computer including instructions executable by the 
third computer to: 

analyze the incoming email message; 

based on an analysis of the incoming email message, categorize the incoming email 

message as a fraudulent email message; 
investigate the uniform resource locator included with the incoming email message to 
determine information about a server hosting the web site referenced by the 
uniform resource locator; and 
prepare a report comprising at least some of the information about the server hosting 

the web site referenced by the uniform resource locator; 
wherein the instructions executable to investigate the uniform resource locator 
comprise instructions to: 

download at least one web page from the server referenced by the uniform 

resource locator;-and 
analyze the at least one web page to determine whether the at least one web 
page comprises a data collection mechanism for allowing a user to provide 
confidential personal information to the server referenced by the at least 
one uniform resource locator, locator; and 
determine, based at least in part on analysis of the at least one web page, that 
the at least one web page is engaged in a fraudulent attempt to collect 
confidential personal information. 

26. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to notify 
the customer that a fraudulent email message has been received. 
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27. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to 
analyze the suspicious email activity. 

28. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to allow 
a technician to analyze the suspicious email activity. 

29. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer and the second computer are the same computer. 

30. (Original) A system for combating online fraud as recited in claim 25, 
wherein the second computer and the third computer are the same computer. 

3 1 . (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to allow 
a technician to initiate an administrative response against an operator of the server. 

32. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to 
pursue an administrative response against an operator of the server. 

33. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to allow 
a technician to initiate a technical response against an operator of the server hosting the web site 
referenced by the uniform resource locator. 

34. (Original) A system for combating online fraud as recited in claim 33, the 
system further comprising a set of at least one computer, each computer of the set of at least one 
computer including instructions executable by that computer to pursue a technical response 
against the server. 
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35. (Original) A system for combating online fraud as recited in claim 34, 
wherein the set of at least one computer comprises a plurality of computers, such that pursuing a 
technical response against the server comprises pursuing a distributed technical response against 
the server. 

36. (Currently Amended) A computer readable medium comprising a 
computer software application including instructions that are executable by a computer to: 

create at least one safe account, the at least one safe account being associated with at least 

one bait email address; 
seed the at least one bait email address at a location on a computer network, the location 

being a likely target for a third party attempting to harvest email addresses; 
gather an incoming email message addressed to the at least one bait email address, the 

incoming email message including a uniform resource locator configured to direct a 

recipient of the incoming email message to a web site referenced by the uniform resource 

locator; 

analyze the incoming email message; 

based on an analysis of the incoming email message, categorize the incoming email message 

as a possibly fraudulent email message; 
investigate the uniform resource locator included with the incoming email message to 

determine information about a server hosting the web site referenced by the uniform 

resource locator; 

prepare a report comprising at least some of the information about the server hosting the web 

site referenced by the uniform resource locator; and 
allow an analysis of the report to determine whether the server is likely to attempt to 

fraudulently collect personal information; 
wherein the instructions executable to investigate the uniform resource locator comprise 

instructions to: 

download at least one web page from the server referenced by the uniform resource 
locator;-and 



Page 14 of 24 



Appl. No. 10/709,398 PATENT 
Amdt. dated March 1, 2010 
Amendment under 37 CFR 1.114 
Request for Continued Examination 

analyze the at least one web page to determine whether the at least one web page 
comprises a data collection mechanism for allowing a user to provide confidential 
personal information to the server referenced by the at least one uniform resource 
locator, locator; and 

determine, based at least in part on analysis of the at least one web page, that the at 
least one web page is engaged in a fraudulent attempt to collect confidential 
personal information. 

37. (Previously Presented) A computer readable medium as recited in claim 
36, wherein the computer software application further comprises instructions executable by a 
computer to analyze the report to determine whether the server is likely to attempt to 
fraudulently collect personal information. 

38. (Previously Presented) A computer readable medium as recited in claim 
36, wherein the computer software application further comprises instructions executable by a 
computer to allow a technician to initiate an action in response to a fraudulent attempt by the 
server to collect personal information. 

39. (Previously Presented) A computer readable medium as recited in claim 
36, wherein the computer software application further comprises instructions by a computer to 
pursue an action in response to a fraudulent attempt by the server to collect personal information. 

40. (Previously Presented) A computer readable medium as recited in claim 
36, wherein the computer software application comprises a plurality of interoperable software 
modules, such that each of the plurality of interoperable software modules is executable by a 
different computer. 

41. -42. (Canceled) 

43. (Currently Amended) In a relationship between a fraud protection 
provider and a customer, a method of combating online fraud, the method comprising: 
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creating at least one safe account, the at least one safe account being associated with at least 
one bait email address; 

seeding the at least one bait email address at a location on a computer network, the location 
being a likely target for a third party attempting to harvest email addresses; 

gathering an incoming email message addressed to the at least one bait email address, the 
incoming email message including a uniform resource locator configured to direct a 
recipient of the incoming email message to a web site referenced by the uniform resource 
locator; 

analyzing the incoming email message; 

based on an analysis of the incoming email message, categorizing the incoming email 

message as a fraudulent email message; 
investigating the uniform resource locator included with the incoming email message to 

determine information about a server hosting the web site referenced by the uniform 

resource locator; 

preparing a report comprising at least some of the information about the server hosting the 

web site referenced by the uniform resource locator; 
analyzing the report to determine whether the server is engaged in a fraudulent attempt to 

collect personal information; and 
taking an action to respond to the fraudulent attempt to collect personal information; 
wherein investigating the uniform resource locator comprises: 

downloading at least one web page from the server referenced by the uniform 

resource locator;-and 
analyzing the at least one web page to determine whether the at least one web page 
comprises a data collection mechanism for allowing a user to provide confidential 
personal information to the server referenced by the at least one uniform resource 
locator, locator; and 
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determining, based at least on part on analysis of the at least one web page, that the at 
least one web page is engaged in a fraudulent attempt to collect confidential 
personal information. 

44. (Original) A method of combating online fraud as recited in claim 43, 
wherein the bait email address is seeded at a location selected from the group consisting of a 
domain registration record, a newsgroup, an electronic mailing list, an electronic customer list, 
an online chat room, an online message board and a list of active email addresses. 

45. (Original) A method of combating online fraud as recited in claim 43, 
wherein the incoming email message purports to be from the customer. 

46. (Original) A method of combating online fraud as recited in claim 45, 
wherein the method further comprises establishing a customer profile for the customer, wherein 
the customer profile includes instructions governing how an attempted online fraud should be 
handled, and wherein taking an action to respond the fraudulent collection of personal 
information comprises consulting the customer profile to determine which of a plurality of 
actions to take to respond to the fraudulent collection of personal information by the server. 

47. (Original) A method of combating online fraud as recited in claim 45, 
wherein taking an action to respond to the fraudulent collection of personal information by the 
server comprises notifying the customer of the fraudulent attempt to collect personal 
information. 

48. (Original) A method of combating online fraud as recited in claim 43, 
wherein taking an action to respond to a fraudulent attempt by the server to collect personal 
information comprises pursuing an administrative response against an operator of the server. 

49. (Original) A method of combating online fraud as recited in claim 48, 
wherein pursuing an administrative response against an operator of the server comprises 
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notifying an Internet service provider associated with the server that the server is engaged in a 
fraudulent activity. 

50. (Original) A method of combating online fraud as recited in claim 43, 
wherein the information about the server indicates that the server has been used compromised in 
a fraudulent attempt to collect personal information, and wherein taking an action to respond to a 
fraudulent attempt by the server to collect personal information comprises notifying an operator 
of the server that the server has been compromised. 

51. -52. (Canceled) 

53. (Previously Presented) A method of combating online fraud as recited in 
claim 43, wherein taking an action to respond to a fraudulent attempt by the server to collect 
personal information comprises pursuing a technical response against the server. 

54. (Original) A method of combating online fraud as recited in claim 53, 
wherein pursuing a technical response against the server comprises providing fictitious personal 
information to the server, and wherein the fictitious personal information is formatted to be 
responsive to the at least one field for providing personal information to a web page hosted by 
the server. 

55. (Original) A method of combating online fraud as recited in claim 54, 
wherein the fictitious personal information provided to the server comprises a traceable 
identifier, and wherein pursuing a technical response against the server comprises tracing a use 
of the traceable identifier. 

56. (Original) A method of combating online fraud as recited in claim 55, 
wherein the traceable identifier comprises an account identifier for a financial account associated 
with the customer. 
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57. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises providing sufficient fictitious 
personal information to impede the use of any valid personal information received by the server. 

58. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises providing sufficient fictitious 
personal information to notify an operator of the server that the attempt to fraudulently collect 
personal information has been discovered. 

59. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises providing fictitious personal 
information at a rate sufficient to impede the server's ability to receive personal information from 
any other sources. 

60. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises transmitting the fictitious 
personal information from a plurality of computers. 

61 . (Previously Presented) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locator further comprises accessing a set of 
WHOIS information about an apparent address referenced by the uniform resource locator. 

62. (Previously Presented) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locator further comprises ascertaining an 
Internet Protocol address referenced by the uniform resource locator. 

63. (Previously Presented) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locator further comprises interrogating the 
server hosting the web site referenced by the uniform resource locator. 
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64. (Previously Presented) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locator further comprises tracing a network 
route to the server. 

65. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises analyzing a header portion of the 
incoming email message. 

66. (Original) A method of combating online fraud as recited in claim 65, 
wherein analyzing a header portion of the incoming email message comprises determining 
whether the incoming message is a spoofed message. 

67. (Original) A method of combating online fraud as recited in claim 65, 
wherein analyzing a header portion of the incoming email message comprises determining 
whether the incoming email message originates from a suspicious Internet domain. 

68. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises analyzing a body portion of the 
incoming email message. 

69. (Original) A method of combating online fraud as recited in claim 68, 
wherein analyzing a body portion of the incoming message comprises searching the body portion 
of the incoming message for strings indicating that the incoming message may be part of an 
attempt to fraudulently collect personal information. 

70. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises analyzing a uniform resource locator 
included in the incoming email message. 
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71 . (Original) A method of combating online fraud as recited in claim 70, 
wherein analyzing a uniform resource locator included in the incoming email message comprises 
determining whether the uniform resource locator references a suspicious Internet location. 

72. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises assigning a score to the incoming 
email message. 

73. (Original) A method of combating online fraud as recited in claim 72, 
wherein analyzing the incoming email message further comprises comparing the assigned score 
with a threshold score. 

74. (Previously Presented A system for combating online fraud as recited in 
claim 1 , wherein the web page comprises a form and the data collection mechanism comprises 
one or more fields on the form. 
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